I've set up different port than default to access remote server via SSH and also disabled password login (pubkey enabled), in /etc/hosts.deny enabled ALL: PARANOID. Anything more to increase security or is this enough?

@nikolal 1) Wazuh HIDS, 2) block traffic from Greensnow IP blacklist; some would also say VPN but if it's just one host I see no point